70% of Businesses Pay Up to Ransomware Extortionists

[Exterminator]

Ransomware became big business for cyber-criminals in 2016 with the malware on pace to bring in a record $1 billion for cyber-criminals this year, according to IBM. One of the reasons for that could be because so many businesses give into their demands—70% of them in fact.

An analysis by IBM X-Force found that out of this 70%, half paid $10,000+, while 20% paid $40,000+.

The survey also showed that 60% of all business executives indicated they’d be willing to pay ransom to recover data. Further, 25% of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.

Small businesses remain a ripe target for ransomware. Only 29% of small businesses surveyed have experience with ransomware attacks compared to 57% of medium-size businesses. While cyber-criminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable. The study found that only 30% of small businesses surveyed offer security training to their employees, compared to 58% of larger companies.

To boot, cyber-criminals have turned ransomware extortion into a volume play, being less selective with their targets and more opportunistic. IBM found that the volume of spam e-mails containing ransomware hit epic proportions in 2016 with a staggering 6,000% increase from 2015.

Put another way, in 2015, .6% of all spam included ransomware, but in 2016 it was in nearly 40% or all spam messages.

Consumers aren’t much better off: IBM found that 55% of parents would pay the ransom to get back personal photos and memories. And 37% of consumers said they would pay over $100 to get data back. The reality is, most ransomware typically fetch $300 or more.

“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” said Limor Kessem, executive security advisor, IBM Security and the report’s author. “The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cyber-criminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”

With over 50% of parents and 30% of regular consumers willing to pay over $100 to get their photos and data back what would you do?

 

[DJ Panda]

I would never pay ransome because I have nothing worth paying for. I do most of my documents and files on google drive and even then I still have backups. Although, it might not help much I would report the attack to authorities as well.

 

[Wave]

I think one of the best things you can do in this situation is actually save a copy of the sample (the origin) and then submit it to AV vendors, since this will help others become protected from the threat much quicker, too - and in lucky cases, the AV vendor may find a weakness in the encryption throughout manual analysis of the sample and then may be capable of releasing a decryption tool, as we've seen plenty examples of in the past from vendors like Emsisoft, Kaspersky and ESET.

The only problem I have with reporting it to the authorities is that they usually cannot actually do much about it, because malware is evolving all the time and new techniques are being applied to conceal evidence... E.g. ransomware may connect via Tor to prevent tracking so the author can be paid by Bitcoins and not be caught by the authorities. As well as this, there are different laws depending on the country so someone attacking you from a country with weaker laws and without an extradition to the one you are currently in might let them get away free even if the authorities were able to trace it back. So in a lot of cases you would just end up wasting your time bothering... And the police may even need to confiscate the system temporarily for analysis for the investigation, but in a quarter of the time you could just use a backup you had made prior to infection after a format, or just format and start from fresh and be more careful for the future instead.

I really hope more and more companies start making sure they have regular backups and allow their staff to become educated within their own corporate environment on cyber-security through a custom course, because they will benefit from it a lot... If the staff are trained then they may be more sensible which will reduce the risk of infection (e.g. watching out for suspicious links, verifying email senders, etc.), and in the case of infection the backup can be utilized, preventing any thoughts of having to pay a ransom...

If I was infected with ransomware I would just format the hard drive, reinstall the OS and then use a clean backup which was taken prior to infection - and if I had lost the backup somehow, or the backup wasn't really clean in the end, I would just start fresh and accept that I messed up!

 

[Svoll]

I wouldn't pay any ransomware extortionist if I ever got infected as a consumer as I keep daily backups of my files and system images, however if it was business related and the cost of the data is worth more than the ransom, it would be a tough call.

Seeing how most companies are willing to pay such high amounts for ransomware attacks, I hope they would invest more in their system security, training for workers, and or more admins to prevent future attacks. I feel more ransomware will be developed if more and more business are paying, There should be a decline in ransomware if no one is paying as there would be no profit for the ransonware writers.

 

[AtlBo]

If I was infected with ransomware I would just format the hard drive, reinstall the OS and then use a clean backup which was taken prior to infection - and if I had lost the backup somehow, or the backup wasn't really clean in the end, I would just start fresh and accept that I messed up!

Is there a way internally in Windows to make it impossible for malware to know about a drive? Backup to that drive and no worries, except during the backup . I would love to see a backup utility that would work at night and turn off the internet and block process creation while it ran. If it also hid drives from malware, this would be a basically invincible system it seems.

 

[Wave]

Is there a way internally in Windows to make it impossible for malware to know about a drive? Backup to that drive and no worries, except during the backup . I would love to see a backup utility that would work at night and turn off the internet and block process creation while it ran. If it also hid drives from malware, this would be a basically invincible system it seems.

I sent you a PM.

I feel more ransomware will be developed if more and more business are paying, There should be a decline in ransomware if no one is paying as there would be no profit for the ransonware writers.

I'm afraid to say this is exactly what is happening and has been going on for awhile now, ransomware is just becoming more and more popular... These days, malware writers want to make money, therefore they tend to choose a threat type for their target victims which will generate them the most profit - as long as they can spread their ransomware round and successfully infect their rich targets, such as high-up businesses which have been storing either classified or private information on the target machines (and do not have backups of the data), then the malware writer will win.

I'm sure it's more common than not to find staff employees turning corrupt and working with a hacker to help them execute an attack on the companies systems, and this would make the job easier since the staff employee could even manually infect the machines with the ransomware for a cut in the profits, and even provide details on what specific security was being used on the systems, etc.

It's a cold world!

 

[Svoll]

I'm sure it's more common than not to find staff employees turning corrupt and working with a hacker to help them execute an attack on the companies systems, and this would make the job easier since the staff employee could even manually infect the machines with the ransomware for a cut in the profits, and even provide details on what specific security was being used on the systems, etc.

It's a cold world!

Yeah that would be tough to stop and having someone on the inside would make it easier for malware writers. I once interned at a company that doesn't allow employees to run .exe unless its on the whitelist or approved. That might have prevent some inside jobs.

 

[frogboy]

No i would not pay a cent, i am well backed up here for just such an occasion.

 

[Wave]

I once interned at a company that doesn't allow employees to run .exe unless its on the whitelist or approved

That's a really good point actually; Anti-Executable in general for Default Deny to all non-white-listed objects is one of the most effective methods of preventing infection in terms of it's power, because you'd only be allowing safe trusted programs which you have white-listed yourself.

The main problem with Anti-Executable is attackers social engineering their victims; if they aren't careful, they may go and white-list the new program (if they have the correct rights to do so, e.g. they own their system), and then they will run it and become infected anyway.

Still, it's an amazing method IMO and very common - if used correctly that is.

No i would not pay a cent, i am well backed up here for just such an occasion.

We all know that frogs are very organised!

 

[tim one]

I wouldn't pay a cent to these criminals and I don't have to do this because of my backup policy.
Simply I suggest to these 70% of people to use the ransom's money for a good backup plan, rather.
Even if really there are free excellent software for this purpose.
The problem is the mental preparation for that!

 

[AtlBo]

Simply I suggest to these 70% of people to use the ransom's money for a good backup plan, rather.
Even if really there are free excellent software for this purpose.

Excellent idea. It seems so hard to carve out $50 or $100 for hardware for backup sometimes, but it's the best money spent for peace of mind. The dual drive Western Digital My Book can be found for a good price on ebay.

 

[In2an3_PpG]

The company i work for got hit twice with crypto in 2 years. Both times we did not pay a dime. We removed the PC that was infected and had our backups safe and sound on 2 Exablox.

 

[DardiM]

I answered "No".
Because system and data backups are not hard to be made.

 

[RicharDooM]

Put yourselves in their shoes guys... Personally, I'm against paying anything for ransomware, and that's why I backup all the time, but it's hard to refuse to pay if you own a business and you haven't backed up.

The problem is that most of the employees working in regular offices/businesses/etc are not PC savvy and do not backup at all. To make things worse, some of those people are responsible for the infection in the first place. Some studies I've found show that usual fault for infection with ransomware in the first place comes from withing the office. People still click on phishing emails, fake business offers, etc.

To make things worse, in most cases ransomware spreads throughout the whole company's network and with data like financial records, client reports or whatever one company might have they have to pay.

I think that companies and their employees most be "forced" to learn some basics regarding malware in general. In my own experience, most of the people don't take things seriously and are all like "It won't happen to me. I don't have anything worth hacking." attitude.

 

[Paul123]

Is there a way internally in Windows to make it impossible for malware to know about a drive? Backup to that drive and no worries, except during the backup . I would love to see a backup utility that would work at night and turn off the internet and block process creation while it ran. If it also hid drives from malware, this would be a basically invincible system it seems.

On my laptop I have two SSDs (replaced the DVD driver with a caddy) and I keep my data on a separate SSD drive to my Windows. When I have had a virus or malware it always been on the windows drive and Ive never had to recreate the data drive. I backup my windows drive regularly using Acronis, and copy any data to external SSDs, but it does suggest most malware goes for the windows drive. My company seem to do the same, but more for the reason that if they do a wndows restore, you dont lose your data. Its been a while since I had n infection though so things might of changed.

I think the survey question is a bit general. In a business I might say yes, but for home I would definitely say no. I backup regularly, and personally anything I have is not worth a ransom, and I only see encourages the practice. With work its different, that data could be highly important and I can see circumstances where I might pay.

 

[Deleted Member 3a5v73x]

The problem is that most of the employees working in regular offices/businesses/etc are not PC savvy and do not backup at all. To make things worse, some of those people are responsible for the infection in the first place. Some studies I've found show that usual fault for infection with ransomware in the first place comes from within the office. People still click on phishing emails, fake business offers, etc.

To make things worse, in most cases ransomware spreads throughout the whole company's network and with data like financial records, client reports or whatever one company might have they have to pay.

I think that companies and their employees most be "forced" to learn some basics regarding malware in general. In my own experience, most of the people don't take things seriously and are all like "It won't happen to me. I don't have anything worth hacking." attitude.

In my country some of the hospital IT's don't make backups of PC's at all, just relay on the "Avast Business Security", if they are hit by some Ransom they are paralayzed for hours or even days, people can't get in (register at clinic when entering, and can't get out without papers being done) in the worst case Ransom spreads throughout the whole network and hit other 100+ PC's

 

[Paul123]

In my country some of the hospital IT's don't make backups of PC's at all, just relay on the "Avast Business Security", if they are hit by some Ransom they are paralayzed for hours or even days, people can't get in (register at clinic when entering, and can't get out without papers being done) in the worst case Ransom spreads throughout the whole network and hit other 100+ PC's

I was amazed in China, when working at some of the Chinese banks there that most still used Windows XP, and win 2003 server and seemed to have no concept of security protection. Chinese friend's machines there also seemed plastered with adware and malware. On the other hand nobody seemed bothered by the government's Chinese firewall - friend's who worked in the universities there were given VPN connections to bypass it by the university, and I never heard of anyone being prosecuted or visited by the authorities. Considering a lot of the malware comes from China, its quite worrying how little protection they had. Software piracy was also ripe, and most had 'pirated' windows. In fact when I once asked to buy a 'genuine' copy of some software I was met with a very blank look.

 

[MalwareBlockerYT]

I would just restore from a backup or use a decryptor personally.

 

[jamescv7]

With that numbers, the move to pay for ransomware extortionist is definitely a lame and desperate move.

Unfortunately some I.T people are already stuck on their comfort zone, without encouragement to learn different aspect of problems like on the article mentioned.

I.T training must boost more advance learning concepts so to cope for fast pace trend. Now for the company, backup is already a common and proven method to retrieve your files efficiently and less maintenance without spending thousands of security products.